var crypto = require('crypto'),
    Acl = require('../acl.js'),
    User = require('../models/user.js'),
    Post = require('../models/post.js');

module.exports = function(app) {
  app.get('/sign-up', Acl.checkNotLogin);
  app.get('/sign-up', function (req, res) {
    res.render('sign-up', {
      title: 'Sign Up',
      user: req.session.user,
      success: req.flash('success').toString(),
      error: req.flash('error').toString()
    });
  });

  app.post('/sign-up', Acl.checkNotLogin);
  app.post('/sign-up', function (req, res) {
    var userName = req.body.userName,
        email = req.body.email,
        password = req.body.password,
        password_re = req.body['passwordRepeat'];

    if (!userName) {
      req.flash('error', 'User Name can\'t be empty!'); 
      return res.redirect('/sign-up');
    }

    if (!email) {
      req.flash('error', 'Email can\'t be empty!'); 
      return res.redirect('/sign-up');
    }

    if (!password) {
      req.flash('error', 'Password can\'t be empty!'); 
      return res.redirect('/sign-up');
    }

    if (!password_re) {
      req.flash('error', 'Password Repeat can\'t be empty!'); 
      return res.redirect('/sign-up');
    }

    if (password_re != password) {
      req.flash('error', 'Password Repeat should be matched with Password!'); 
      return res.redirect('/sign-up');
    }

    var md5 = crypto.createHash('md5'),
        password = md5.update(req.body.password).digest('hex');
    var newUser = new User({
        userName: userName,
        email: email,
        password: password
    });
    User.get(newUser.userName, newUser.email, function (err, user) {
      if (user) {
        req.flash('error', 'User Name/Email is already exist!');
        return res.redirect('/sign-up');
      }
      newUser.save(function (err, user) {
        if (err) {
          req.flash('error', err);
          return res.redirect('/sign-up');
        }
        req.session.user = user;
        req.flash('success', 'Sign up successfully!');
        res.redirect('/');
      });
    });
  });

  app.get('/sign-in', Acl.checkNotLogin);
  app.get('/sign-in', function (req, res) {
    res.render('sign-in', {
      title: 'Sign in',
      user: req.session.user,
      success: req.flash('success').toString(),
      error: req.flash('error').toString()
    }); 
  });

  app.post('/sign-in', Acl.checkNotLogin);
  app.post('/sign-in', function (req, res) {
    var loginName = req.body.loginName;
    var password = req.body.password;
    if (!loginName) {
      req.flash('error', 'User Name/Email can\'t be empty!'); 
      return res.redirect('/sign-in');
    }

    if (!password) {
      req.flash('error', 'Password can\'t be empty!'); 
      return res.redirect('/sign-in');
    }

    var md5 = crypto.createHash('md5'),
        password = md5.update(password).digest('hex');
    User.get(loginName, loginName, function (err, user) {
      if (!user) {
        req.flash('error', 'User Name/Email is not exist!'); 
        return res.redirect('/sign-in');
      }
      if (user.password != password) {
        req.flash('error', 'Password is wrong!'); 
        return res.redirect('/sign-in');
      }
      req.session.user = user;
      req.flash('success', 'Sign in successfully!');
      res.redirect('/');
    });
  });

  app.get('/sign-out', Acl.checkLogin);
  app.get('/sign-out', function (req, res) {
    req.session.user = null;
    req.flash('success', 'Sign out successfully!');
    res.redirect('/');
  });
};